commit aba81fd143292da8b0bf63a31e039964d1d070ad
Author: LinuxSquare <7436714-OfficialLinuxSquare@users.noreply.gitlab.com>
Date: Tue Apr 25 21:32:28 2023 +0200
Initial Commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1347240
--- /dev/null
+++ b/README.md
@@ -0,0 +1,9 @@
+# Noveria Salt-State
+
+![SaltStack® Logo](https://upload.wikimedia.org/wikipedia/commons/6/64/SaltStack_logo_blk_2k.png)
+
+This repository is for the master-less salt-statetree for the noveria host, running Fedora Server (insert latest version here).
+
+It managed the complete system using the saltproject.
+
+For further instructions, head to the official salt docs: https://docs.saltproject.io/en/latest/contents.html
diff --git a/services/files/ssh_authorized_keys b/services/files/ssh_authorized_keys
new file mode 100644
index 0000000..f2fa2a7
--- /dev/null
+++ b/services/files/ssh_authorized_keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2kBMGGTKYtcIC8oJSqG0BvUXabIYyttte06pGtJ3f5
diff --git a/services/files/ssh_sshd_config b/services/files/ssh_sshd_config
new file mode 100644
index 0000000..5ae71a1
--- /dev/null
+++ b/services/files/ssh_sshd_config
@@ -0,0 +1,130 @@
+# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+# To modify the system-wide sshd configuration, create a *.conf file under
+# /etc/ssh/sshd_config.d/ which will be automatically included below
+Include /etc/ssh/sshd_config.d/*.conf
+
+# If you want to change the port on a SELinux system, you have to tell
+# SELinux about this change.
+# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
+#
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#KbdInteractiveAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+#KerberosUseKuserok yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+#GSSAPIEnablek5users no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
+# problems.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/libexec/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
diff --git a/services/init.sls b/services/init.sls
new file mode 100644
index 0000000..aee863f
--- /dev/null
+++ b/services/init.sls
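Review bot: `PasswordAuthentication` and `KbdInteractiveAuthentication` are left at their commented defaults (both `yes`) in the Authentication section, so although root is limited to `PermitRootLogin prohibit-password` and the repo provisions a single ed25519 key, every other account on the host still accepts password logins over SSH; the two lines should be uncommented as `PasswordAuthentication no` and `KbdInteractiveAuthentication no`. Because `Include /etc/ssh/sshd_config.d/*.conf` comes before the explicit options and sshd keeps the first value it reads for a keyword, any drop-in already present in that directory (the distribution ships some, though which values they set I cannot confirm from here) silently wins over the settings in this file; either move the Include below the explicit options or have the ssh state manage the drop-in directory as well. The hunk begins on the preceding line of the page.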
@@ -0,0 +1,4 @@
+include:
+ - .mysql
+ - .podman
+ - .ssh
diff --git a/services/mysql.sls b/services/mysql.sls
new file mode 100644
index 0000000..7d96f45
--- /dev/null
+++ b/services/mysql.sls
@@ -0,0 +1,19 @@
+include:
+ - system.packages
+
+system_service_mysql_enable:
+ service.enabled:
+ - name: mysql
+ - require:
+ - system_packages_install
+ file.directory:
+ - name: /var/lib/mysql
+ - create: False
+ - replace: False
+ - user: mysql
+ - group: mysql
+ - recurse:
+ - user
+ - group
+ - require:
+ - system_packages_install
diff --git a/services/podman.sls b/services/podman.sls
new file mode 100644
index 0000000..789c62c
--- /dev/null
+++ b/services/podman.sls
@@ -0,0 +1,8 @@
+include:
+ - system.packages
+
+system_service_podman_enable:
+ service.enabled:
+ - name: podman
+ - require:
+ - system_packages_install
diff --git a/services/ssh.sls b/services/ssh.sls
new file mode 100644
index 0000000..bd979b4
--- /dev/null
+++ b/services/ssh.sls
@@ -0,0 +1,25 @@
+include:
+ - system.packages
+
+system_ssh_add_keys:
+ file.managed:
+ - name: /root/.ssh/authorized_keys
+ - source: salt://{{ tpldir }}/files/ssh_authorized_keys
+ - makedirs: True
+ - user: root
+ - group: root
+ - require:
+ - system_packages_install
+ - system_ssh_add_folder
+
+system_ssh_configuration:
+ file.managed:
+ - name: /etc/ssh/sshd_config
+ - source: salt://{{ tpldir }}/files/ssh_sshd_config
+
+system_ssh_enable:
+ service.enabled:
+ - name: sshd
+ - require:
+ - system_ssh_configuration
+ - system_ssh_add_keys
diff --git a/system/btrfs.sls b/system/btrfs.sls
new file mode 100644
index 0000000..fac947f
--- /dev/null
+++ b/system/btrfs.sls
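Review bot: `system_service_mysql_enable` enables a unit named `mysql`, but the package that system/packages.sls installs is `mariadb-server`; on Fedora that package's unit is `mariadb.service`, and whether a `mysql` alias is shipped with it is something I cannot confirm from this page, so the state may fail with a service-not-found error on first run. `- name: mariadb` is the name the package itself provides and removes the dependency on an alias. The `file.directory` call under the same id with `recurse: user, group` is fine, but it would be clearer as its own id (for example `system_service_mysql_datadir`) so a failure report names which half failed.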
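Review bot: `system_ssh_add_keys` requires `system_ssh_add_folder`, but no state with that id exists anywhere in the commit (services/ssh.sls defines only system_ssh_add_keys, system_ssh_configuration and system_ssh_enable), so the highstate stops with an unresolved requisite before the key is written; `makedirs: True` already creates /root/.ssh, so the entry can simply be dropped. Neither managed file sets a mode or, for sshd_config, an owner, so the result depends on the umask Salt runs under; `/root/.ssh/authorized_keys` should carry `- mode: 600` with `- dir_mode: 700`, and `/etc/ssh/sshd_config` `- user: root`, `- group: root`, `- mode: 600`, so that a group- or world-writable key file is never produced (StrictModes would refuse it). `system_ssh_enable` is `service.enabled` with only a require, so a later change to ssh_sshd_config is deployed but never applied to the running daemon; `service.running` with `enable: True` and a `watch` on the configuration state restarts sshd when the file changes.
```yaml
# … unchanged: include of system.packages …

system_ssh_add_keys:
  file.managed:
    - name: /root/.ssh/authorized_keys
    - source: salt://{{ tpldir }}/files/ssh_authorized_keys
    - makedirs: True
    - dir_mode: 700
    - mode: 600
    - user: root
    - group: root
    - require:
      - system_packages_install

system_ssh_configuration:
  file.managed:
    - name: /etc/ssh/sshd_config
    - source: salt://{{ tpldir }}/files/ssh_sshd_config
    - user: root
    - group: root
    - mode: 600

system_ssh_enable:
  service.running:
    - name: sshd
    - enable: True
    - require:
      - system_ssh_add_keys
    - watch:
      - system_ssh_configuration
```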
@@ -0,0 +1,20 @@
+system_btrfs_create_podman_data_dir:
+ cmd.run:
+ - creates: /opt/podman
+ - name: btrfs subvolume create /opt/podman
+ file.managed:
+ - name: /opt/podman
+ - create: False
+ - replace: False
+ - user: root
+ - group: root
+
+system_btrfs_create_noveria_home:
+ cmd.run:
+ - creates: /home/noveria
+ - name: btrfs subvolume create /home/noveria
+
+system_btrfs_create_mysql_data_dir:
+ cmd.run:
+ - creates: /var/lib/mysql
+ - name: btrfs subvolume create /var/lib/mysql
diff --git a/system/init.sls b/system/init.sls
new file mode 100644
index 0000000..831ec93
--- /dev/null
+++ b/system/init.sls
@@ -0,0 +1,4 @@
+include:
+ - .btrfs
+ - .user
+ - .packages
diff --git a/system/packages.sls b/system/packages.sls
new file mode 100644
index 0000000..2e18c8c
--- /dev/null
+++ b/system/packages.sls
@@ -0,0 +1,15 @@
+include:
+ - .btrfs
+
+system_packages_install:
+ pkg.installed:
+ - pkgs:
+ - podman
+ - cockpit-podman
+ - podman-docker
+ - podman-compose
+ - mariadb-server
+ - java-latest-openjdk-headless
+ - require:
+ - system_btrfs_create_podman_data_dir
+ - system_btrfs_create_mysql_data_dir
diff --git a/system/user.sls b/system/user.sls
new file mode 100644
index 0000000..ad59324
--- /dev/null
+++ b/system/user.sls
@@ -0,0 +1,22 @@
+include:
+ - .btrfs
+
+system_user_create:
+ user.present:
+ - name: noveria
+ - shell: /bin/false
+ - home: /home/noveria
+ - usergroup: True
+ - createhome: False
+
+system_user_create_home_noveria:
+ file.directory:
+ - name: /home/noveria
+ - user: noveria
+ - group: noveria
+ - mode: 700
+ - recurse:
+ - user
+ - group
+ - require:
+ - system_btrfs_create_noveria_home
diff --git a/top.sls b/top.sls
new file mode 100644
index 0000000..f4d6f3a
--- /dev/null
+++ b/top.sls
@@ -0,0 +1,4 @@
+base:
+ '*':
+ - .system
+ - .services
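Review bot: `system_btrfs_create_podman_data_dir` applies `file.managed` to `/opt/podman`, which the `cmd.run` just above it creates as a btrfs subvolume, i.e. a directory; `file.managed` rejects a directory as its target and `create: False` / `replace: False` do not change that, so the state errors on every run once the subvolume exists. The fix is `file.directory:` with the same `name`, `user` and `group` (and the `replace`/`create` flags dropped), which is the function services/mysql.sls and system/user.sls already use for the other two subvolumes. The two calls under this id are ordered only by their position in the file; adding `- require: - cmd: system_btrfs_create_podman_data_dir` to the directory call makes the dependency explicit.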
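Review bot: top.sls lists the states for `'*'` as `.system` and `.services`; the leading-dot relative form is documented for `include:` inside an SLS file, and I am not certain the top file resolves it the same way, so this may fail with a "no matching sls" error at highstate. `- system` and `- services` are the conventional top-file entries and resolve to the same system/init.sls and services/init.sls regardless.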